Just a couple weeks ago our church building burnt to the ground. Thankfully we were able to restore all our data from a backup. As a result I am much more concerned about offsite backup and disaster recovery.

As the financial clerk I am not the only one who uses MLS, but some other users are not as good about performing backups. Additionally I sometimes forget one of the 3 steps:

Backup to C: drive.

Backup to USB drive locked in cabinet.

Update to offsite backup (on USB drive in my pocket).

So the reason for my post is to start a discussion around using Mozy or similar online backup solution. Our stake recently added broadband to all the buildings (which I hear is becoming more common), so this is an option we didn't have before. I know the Church has a policy about not storing Church data on non-Church servers, but I am curious how encryption enters into the picture. There are 4 things that Mozy has going for it:

They support the use of 128-Bit AES encryption with a user specified passkey - it is encrypted on the local machine, and the passkey never leaves the machine. Very secure!

Mozy 2xProtect will also automate the creation of a local backup.

The online backup is completely automated and doesn't require anyone to do anything. That means the offsite backup is always up to date!

I've done a lot of work with encryption (both as a software developer and a consumer) and 128-Bit AES with a good passkey is good encryption. However if that is not enough, then I am also willing to create a local utility using any level of encryption desired that could encrypt the data before Mozy encrypts it. That utility could validate the strength of the passkey as well as test the encrypted file to make sure it is properly encrypted. And then when those tests pass it would allow Mozy to encrypt it again.

If the idea of using Mozy is not appealing (or the Church doesn't qualify for the free account), then I can certainly create an online backup solution from scratch that uses whatever grade encryption desired, and backs it up to any server desired. If the Church has a server we can use in SLC, maybe Amazon Cloud S3, or someone else could set up a server.

Looking for feedback on the idea. Any suggestions would be great too! Anyone else have luck with this sort of setup?
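The pre-upload checks described in the post above (validate the passkey, then test that the output file really is encrypted), sketched as an added example that is not part of the original thread or any poster's code. The thresholds, the sample records and the pseudo-random stand-in for AES output are all assumptions made for the illustration.

```python
import hashlib
import math
from collections import Counter

MIN_PASSKEY_BITS = 80    # assumed threshold, not taken from the thread
MIN_BYTE_ENTROPY = 7.9   # bits per byte; well-encrypted data sits near 8.0
WINDOW = 16              # plaintext run length treated as a leak

def passkey_bits(passkey: str) -> float:
    """Rough upper bound on strength: length * log2(alphabet in use)."""
    alphabet = (26 * any(c.islower() for c in passkey)
                + 26 * any(c.isupper() for c in passkey)
                + 10 * any(c.isdigit() for c in passkey)
                + 33 * any(not c.isalnum() for c in passkey))
    return len(passkey) * math.log2(alphabet) if alphabet > 1 else 0.0

def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def leaks_plaintext(plain: bytes, cipher: bytes) -> bool:
    """True if any WINDOW-byte run of the plaintext survives in the output."""
    runs = {plain[i:i + WINDOW] for i in range(0, len(plain) - WINDOW + 1, WINDOW)}
    return any(run in cipher for run in runs)

def upload_problems(passkey: str, plain: bytes, cipher: bytes) -> list:
    """Return the reasons to block the upload; an empty list means go."""
    problems = []
    if passkey_bits(passkey) < MIN_PASSKEY_BITS:
        problems.append("passkey too weak")
    if len(cipher) < 4096 or byte_entropy(cipher) < MIN_BYTE_ENTROPY:
        problems.append("output does not look encrypted")
    if leaks_plaintext(plain, cipher):
        problems.append("plaintext visible in output")
    return problems

# Constructed sample data (not the real MLS backup format).
PLAIN = b"member,donation,2009-01-04,25.00\n" * 2000
# Stand-in for real AES output: deterministic pseudo-random bytes, because the
# Python standard library has no AES. A real tool would read the encrypted file.
GOOD = hashlib.shake_256(b"constructed sample").digest(len(PLAIN))
XORED = bytes(b ^ 0x5A for b in PLAIN)       # "encryption" that is not
PARTIAL = GOOD[:4096] + PLAIN[4096:]         # header encrypted, body not

if __name__ == "__main__":
    for name, blob in [("good", GOOD), ("xored", XORED), ("partial", PARTIAL)]:
        print(name, upload_problems("wagon-Copper-71-harvest-lantern", PLAIN, blob))
```

These checks catch an encryption step that silently failed or was skipped; they do not prove the cipher is strong, since compressed data also has high byte entropy. A round-trip decrypt with the stored passkey is still needed to confirm the backup is restorable.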

jimmckeeth wrote: So the reason for my post is to start a discussion around using Mozy or similar online backup solution. Our stake recently added broadband to all the buildings (which I hear is becoming more common), so this is an option we didn't have before. I know the Church has a policy about not storing Church data on non-Church servers, but I am curious how encryption enters into the picture.

The policy is simple, and there's no exception for encryption. So it seems to me that from a policy perspective, the idea of using a third-party backup service is not going to fly.

But unless you are really worried about making online backups more often than monthly, the problem is already solved. The Church already takes a full backup of your MLS data and stores it on their servers once per month. In the event of a catastrophic loss of data, you can contact local unit support and obtain the most recent backup, which should be only an average of two weeks old.

Questions that can benefit the larger community should be asked in a public forum, not a private message.

Alan_Brown wrote: But unless you are really worried about making online backups more often than monthly, the problem is already solved. The Church already takes a full backup of your MLS data and stores it on their servers once per month. In the event of a catastrophic loss of data, you can contact local unit support and obtain the most recent backup, which should be only an average of two weeks old.

Before I knew if our backup was going to work I did contact SLC and their backup was a few weeks old, I don't remember how old. In the case of a fire, the paper files are more likely to be lost than the computer files, so there would be no way to recover even one day's worth of lost data in that situation. Any missing financial data is too much in my opinion.

Alan_Brown wrote: The policy is simple, and there's no exception for encryption. So it seems to me that from a policy perspective, the idea of using a third-party backup service is not going to fly.

I understand the policy is simple, but I guess I was more of suggesting an update to the policy. We were very blessed that our backup was good and up to date, but it easily could have gone the other way, which would have been a major loss.

From a technical point of view, since many Church buildings now use broadband internet to transmit MLS data, that means that MLS data is stored on any number of computers not owned by the church during that process. Any time information is transmitted over the internet it bounces through a number of computers (take a look at a trace route). When information goes through a computer, it is actually stored on the computer for a moment until it is confirmed transmitted (a requirement of the TCP/IP protocol), and then it typically deletes the information. I say typically because if any of those computers along the way is compromised (maliciously, intentionally or on accident), then it could store the data indefinitely, or route a copy to another server, and there would be no way of knowing for Church headquarters or the unit transmitting their data. That is the reason your bank and other web sites use SSL, because they know the data is on other machines during transmission.

So I would hope that the MLS software deals with the issue of transmitting data over the internet with encryption. A good encryption routine (like 128-Bit AES and well maintained keys) is the only way to secure the data in this case (well at least until they develop the quantum data transmission that is capable of determining if a copy of the information was made during transmission, but that is a few decades away at least).

So what I am suggesting is actually (from a technical and security point of view) no different than transmitting MLS data over the internet. Now I am not suggesting we stop using broadband, nor am I saying online backup is approved under the policy. Just pointing out that this is a solved problem thanks to encryption, and a common practice for MLS data.

Things have changed with the introduction of broadband access in individual unit buildings, so this is now an option that didn't need to be discussed before.

lakeytw wrote: While the Church is not a For Profit Business, most vendors typically do view the Church as a corporate entity and want to sell the Church their services rather than provide them for free.

I realize that is most likely how it would be classified, but there are other solutions out there. For example if we used a system that backed up to Amazon's S3 then we would only pay for the very little bandwidth and storage we used. Probably less than $1 a month.

lakeytw wrote: If the passkey resides on the local machine, and the machine is lost, how do you recover the passkey to access the encrypted data?

Simple, you back up the passkey once. Maybe give a copy to each clerk and member of the Bishopric. It doesn't need to change, and would be more secure and reliable than having them take the backup home on a USB drive every day.

That is what I expected. So then I guess my question / conjecture is if we provide the same level of encryption as SSL in an online backup solution, then wouldn't that also be permitted? From a technical point of view it is a very similar situation. In both situations (online backup and broadband transmission) encrypted data is stored on computers not owned by the church.

Of course I guess the 3rd option is that a full backup is sent to SLC with every transmit changes. Of course that would require infrastructure changes on the part of Church HQ, while using an online backup with high end encryption is something we could start doing right away (again if it is permitted).

Not trying to cause an argument, just raising some questions and concerns and backing up my point of view with facts.

jimmckeeth wrote: Of course I guess the 3rd option is that a full backup is sent to SLC with every transmit changes. Of course that would require infrastructure changes on the part of Church HQ, while using an online backup with high end encryption is something we could start doing right away (again if it is permitted).

Although I think you have some excellent points on the technical side, I still see some challenges:

The example you mentioned (Mozy) only allows free personal usage. So either the Church would have to pay for licenses, or you'll have to choose another service provider. I haven't done much research, but I'm pretty sure that all the free ones have similar limitations.

I mentioned that the policy prohibiting storing files on third party servers had no exclusion for encryption, to which you replied "I guess I was more of suggesting an update to the policy." While such a policy update may seem reasonable, I doubt that it would happen soon, if ever.

Perhaps when the number of units on dial-up is sufficiently small, the Church will increase its frequency of full backups. Or perhaps it would test the connection and increase frequency for units with broadband connections. Those seem like reasonably simple changes. They would increase the server traffic quite a bit (particularly on Sundays), so the Church may not quite be ready to implement something like that.

I certainly agree that it is preferable to have a backup solution that will most likely ensure zero data loss in the case of a catastrophic failure, so I like the general idea. I just don't see how to get around the policy and licensing issues at this point.


Alan_Brown wrote: The example you mentioned (Mozy) only allows free personal usage. So either the Church would have to pay for licenses, or you'll have to choose another service provider. I haven't done much research, but I'm pretty sure that all the free ones have similar limitations.

Amazon Cloud S3 storage would be less than $1 a month for the level of usage we would need. While not free, it would certainly be very affordable, and cheaper than replacing flash drives annually.

Alan_Brown wrote: I mentioned that the policy prohibiting storing files on third party servers had no exclusion for encryption, to which you replied "I guess I was more of suggesting an update to the policy." While such a policy update may seem reasonable, I doubt that it would happen soon, if ever.

Church policy does change from time to time. At one point meeting houses couldn't have internet access and MLS had to be transmitted on dial-up. Both of those policies have changed.

I started this thread for two reasons: solicit feedback from other community members to refine the idea and look for holes. The second reason is to suggest the alternative to Church HQ after adequate information has been collected. Hopefully this is the right forum for the latter.